The Sarbanes-Oxley Act never mentions cybersecurity. However, the SEC has released “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” which makes an issuer's cybersecurity program a compliance event.

Technology and data usage expose companies to a variety of potential risk events that could materially affect their financial statements.

SOX Cybersecurity compliance refers to a public company implementing strong internal control processes to mitigate identified and disclosed cybersecurity risks.

This event focuses on:

Understanding the SEC's guidance for cybersecurity assessments.
Maintaining a comprehensive set of policies and procedures related to cybersecurity risks and internal controls.

Creating and operating appropriate and effective cybersecurity internal controls.
Addressing the issuer's disclosure obligations under the federal securities laws.
Reminding corporate insiders of the applicable insider trading prohibitions under the general antifraud provisions of the federal securities laws. In addition, they are reminded of the obligation to refrain from selective disclosure of material nonpublic information about cybersecurity risks or incidents.

This timely, four-hour CPE seminar is designed for internal audit management, compliance managers, controllers, CFO's and others who have to create value within the cybersecurity internal control framework.

This internal control training course will provide each attendee with 4 CPE Event Hours (YB). A certificate of completion will be provided.

SOX Compliance for Cybersecurity Assessments

$280.00

Quantity

Offered every six weeks on Fridays at 10:00 a.m. to 2:30 p.m. Central Time in four CPE-Credit event.

We can schedule private events on your timetable for two or more attendees.
This CPE event reviews and answers the following questions:

SEC Cybersecurity Disclosure

Frameworks to guide cybersecurity risk mitigation

Cybersecurity risk assessment

Testing cybersecurity controls
Defining “SOX for Cybersecurity” compliance

Learning the reasons behind the need for stronger cybersecurity controls

Understanding the structure of IT departments and their support services

Conducting an IT Risk Assessment

Understanding the categories of IT general controls and IT application controls

Identifying the specific additional controls and tests to mitigate SOX Cybersecurity risks
Section 1 - Introduction and Definitions

What is SOX for Cybersecuirty Compliance?

SEC Cybersecurity Disclosure

Section 2 - Overview of Computer Systems and IT Audits

Information Technology Systems

Information Technology Audits

Benefits of Internal Contols

Section 3 - Internal Control Frameworks Impacting SOX Cyber

What is a "System of Internal Contol"?

COSO 2013 Internal Control Framework

IT Control "Frameworks"

Section 4 - IT Controls for SOX Compliance

SOX Compliance Audits

General Controls

Activity Controls

Section 5 - SOX for Cybersecurity (SOXCS) Implementation Guidance

SOX for Cybersecurity Implementation

Understanding the IT Organizaiton

Segregation of Duties

IT Infrastruture Components

Section 6 - Assessing Information Technology Risks

Cybersecurity Risk Assessment

"Heat-Map" the Risks

People Create Cybersecurity Risk

Section 7 - Physical Security Controls for SOXCS

Physical security

What's New in Physical Security?

Physical Security Tests

Section 8 - Logical Security Controls

Testing Logical Security Controls

"ACDs" Adds, Changes and Deletes to Access

Role-Based Security

User Entitilement

Segregation of Duties Conflicts

Network Vulnerabilites

Firewall Configuration

Privileged Accounts

Service Accounts

Network Segmentation

Patch Management

Anti-Virus Protection

Encryption

Data Loss Prevention Controls

Section 9 - Systems Development and Change Controls

SDLC Policy and Controls

Financial Application Change Controls

Interface Controls

Section 10 - Backup and Restoration Controls

Backup Schedules and Logs

Restoration Testing

Section 11 - Summary
The "Sarbanes-Oxley Act Compliance for Cybersecurity Assessments" CPE training event is a comprehensive program designed to help attendees understand the SOX compliance requirements for cybersecurity assessments.

This training covers the key provisions of the Sarbanes-Oxley Act (SOX) and how they apply to an organization's information security practices, including assessments of internal control systems, risk management, and data protection. Participants will gain a deep understanding of the COSO 2013 framework for Internal Controls Over Financial Reporting (ICFR) and how it can be used to ensure SOX compliance. The event will provide a thorough overview of the ICFR framework and its components, as well as best practices for implementing and maintaining ICFR controls.

The ICFR SOX Compliance training will be delivered by expert instructors and feature interactive sessions and real-world case studies, providing attendees with practical knowledge and skills that can be immediately applied to their own organizations.

The program is designed for professionals looking to build their knowledge and skills in SOX compliance, ICFR training, and cybersecurity assessments. By attending this CPE training event, participants will gain a comprehensive understanding of the requirements and best practices for SOX compliance in the area of cybersecurity assessments.

SOX Compliance for Cybersecurity Assessments

Details on Event Presentation

CPE Event Highlights

Learning Objectives

Key Issues on the Agenda

NASBA Program Disclosure

Summary of the Subject Matter

Contact Us